projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 85f1bd9) | patch
packet: fix tp_reserve race in packet_set_ring
authorWillem de Bruijn <willemb@google.com>
Thu, 10 Aug 2017 16:41:58 +0000 (12:41 -0400)
committerDavid S. Miller <davem@davemloft.net>
Thu, 10 Aug 2017 16:52:12 +0000 (09:52 -0700)
commitc27927e372f0785f3303e8fad94b85945e2c97b7
tree3602b8aeb2cc349ba954d4ff17028d364e395c56tree | snapshot (tar.gz zip)
parent85f1bd9a7b5a79d5baa8bf44af19658f7bf77bfacommit | diff
packet: fix tp_reserve race in packet_set_ring

Updates to tp_reserve can race with reads of the field in
packet_set_ring. Avoid this by holding the socket lock during
updates in setsockopt PACKET_RESERVE.

This bug was discovered by syzkaller.

Fixes: 8913336a7e8d ("packet: add PACKET_RESERVE sockopt")
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/packet/af_packet.c diff | blob | blame | history